From 4691b1220538e29eacc2712a7e88c9019300bec1 Mon Sep 17 00:00:00 2001
From: Hugo Shaka
Date: Fri, 15 Dec 2023 15:22:59 -0500
Subject: [PATCH] [v14] fix agent config tempalting when using appResource and discovery (#35783)
* fix agent config tempalting when using appResource and discovery
* add snapshot test
---
.../.lint/app-discovery-full.yaml | 11 ++
...covery.yaml => app-discovery-minimal.yaml} | 0
.../teleport-kube-agent/templates/_config.tpl | 22 +--
.../tests/__snapshot__/config_test.yaml.snap | 162 ++++++++++++------
.../tests/config_test.yaml | 14 +-
5 files changed, 144 insertions(+), 65 deletions(-)
create mode 100644 examples/chart/teleport-kube-agent/.lint/app-discovery-full.yaml
rename examples/chart/teleport-kube-agent/.lint/{app-discovery.yaml => app-discovery-minimal.yaml} (100%)
diff --git a/examples/chart/teleport-kube-agent/.lint/app-discovery-full.yaml b/examples/chart/teleport-kube-agent/.lint/app-discovery-full.yaml
new file mode 100644
index 0000000000000..7202a28d38136
--- /dev/null
+++ b/examples/chart/teleport-kube-agent/.lint/app-discovery-full.yaml
@@ -0,0 +1,11 @@
+roles: app,discovery
+proxyAddr: teleport.example.com
+kubeClusterName: example
+apps:
+ - name: test
+ uri: https://console.aws.amazon.com/ec2/v2/home
+ labels:
+ env: test
+appResources:
+ - labels:
+ "*": "*"
diff --git a/examples/chart/teleport-kube-agent/.lint/app-discovery.yaml b/examples/chart/teleport-kube-agent/.lint/app-discovery-minimal.yaml
similarity index 100%
rename from examples/chart/teleport-kube-agent/.lint/app-discovery.yaml
rename to examples/chart/teleport-kube-agent/.lint/app-discovery-minimal.yaml
diff --git a/examples/chart/teleport-kube-agent/templates/_config.tpl b/examples/chart/teleport-kube-agent/templates/_config.tpl
index 357cddf72e243..565e80923a40b 100644
--- a/examples/chart/teleport-kube-agent/templates/_config.tpl
+++ b/examples/chart/teleport-kube-agent/templates/_config.tpl
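Review bot: The `appResources` selector added in app-discovery-full.yaml is `"*": "*"`, so the rendered `app_service.resources` list matches every dynamic app resource in the cluster, not only the ones created by discovery. That is fine for exercising the template, but nothing in the file says the wildcard is a test convenience, and values files under .lint may end up reused as examples. A leading comment would cover it: `# Wildcard selector is for template coverage only; scope appResources labels in real deployments.` A narrower fixture label such as `env: test` would exercise the same template branch.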
@@ -16,7 +16,7 @@ teleport: auth_servers: ["{{ required "proxyAddr is required in chart values" .Values.proxyAddr }}"] {{- end }} {{- if .Values.caPin }} - ca_pin: {{- toYaml .Values.caPin | nindent 8 }} + ca_pin: {{- toYaml .Values.caPin | nindent 4 }} {{- end }} log: severity: {{ $logLevel }} @@ -30,7 +30,7 @@ kubernetes_service: enabled: true kube_cluster_name: {{ required "kubeClusterName is required in chart values when kube role is enabled, see README" .Values.kubeClusterName }} {{- if .Values.labels }} - labels: {{- toYaml .Values.labels | nindent 8 }} + labels: {{- toYaml .Values.labels | nindent 4 }} {{- end }} {{- else }} enabled: false @@ -56,16 +56,16 @@ app_service: {{- end }} {{- end }} apps: - {{- toYaml .Values.apps | nindent 8 }} + {{- toYaml .Values.apps | nindent 4 }} {{- end }} resources: {{- if .Values.appResources }} - {{- toYaml .Values.appResources | nindent 8 }} + {{- toYaml .Values.appResources | nindent 4 }} {{- end }} {{- if $appDiscoveryEnabled }} - - labels: - "teleport.dev/kubernetes-cluster": "{{ required "kubeClusterName is required in chart values when kube or discovery role is enabled, see README" .Values.kubeClusterName }}" - "teleport.dev/origin": "discovery-kubernetes" + - labels: + "teleport.dev/kubernetes-cluster": "{{ required "kubeClusterName is required in chart values when kube or discovery role is enabled, see README" .Values.kubeClusterName }}" + "teleport.dev/origin": "discovery-kubernetes" {{- end }} {{- else }} enabled: false @@ -90,11 +90,11 @@ db_service: {{- fail "'tags' is required for all 'awsDatabases' in chart values when key is set and db role is enabled, see README" }} {{- end }} {{- end }} - {{- toYaml .Values.awsDatabases | nindent 6 }} + {{- toYaml .Values.awsDatabases | nindent 4 }} {{- end }} {{- if .Values.azureDatabases }} azure: - {{- toYaml .Values.azureDatabases | nindent 6 }} + {{- toYaml .Values.azureDatabases | nindent 4 }} {{- end}} {{- if .Values.databases }} databases: 
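Review bot: In the `$appDiscoveryEnabled` block of the `@@ -56,16` hunk, `kubeClusterName` is still spliced between hand-written double quotes, so a value containing `"` or `\` would render a different label selector or a config that does not parse. The value comes from chart values, so this is robustness rather than an exposed input, but the line is being rewritten anyway and the template can do the escaping: `"teleport.dev/kubernetes-cluster": {{ required "kubeClusterName is required in chart values when kube or discovery role is enabled, see README" .Values.kubeClusterName | quote }}`. The literal `- labels:` item also has to stay at the same indent as the `nindent 4` output above it, which is the mismatch this commit fixes; a template comment such as `{{- /* keep this item at the nindent 4 level used for appResources */}}` would keep the two from drifting apart again. The app_service block starts and ends outside the hunk.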
@@ -109,11 +109,11 @@ db_service: {{- fail "'protocol' is required for all 'databases' in chart values when db role is enabled, see README" }} {{- end }} {{- end }} - {{- toYaml .Values.databases | nindent 6 }} + {{- toYaml .Values.databases | nindent 4 }} {{- end }} {{- if .Values.databaseResources }} resources: - {{- toYaml .Values.databaseResources | nindent 6 }} + {{- toYaml .Values.databaseResources | nindent 4 }} {{- end }} {{- else }} enabled: false diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/config_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/config_test.yaml.snap index 28bdda3cd0346..a245dd08d44d1 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/config_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/config_test.yaml.snap 
@@ -261,6 +261,116 @@ matches snapshot for all-v6.yaml: kubernetes.io/config-different: 2 name: RELEASE-NAME namespace: NAMESPACE +matches snapshot for app-discovery-full.yaml: + 1: | + apiVersion: v1 + data: + teleport.yaml: |- + app_service: + apps: + - labels: + env: test + name: test + uri: https://console.aws.amazon.com/ec2/v2/home + enabled: true + resources: + - labels: + '*': '*' + - labels: + teleport.dev/kubernetes-cluster: example + teleport.dev/origin: discovery-kubernetes + auth_service: + enabled: false + db_service: + enabled: false + discovery_service: + discovery_group: example + enabled: true + kubernetes: + - labels: + '*': '*' + namespaces: + - '*' + types: + - app + kubernetes_service: + enabled: false + proxy_service: + enabled: false + ssh_service: + enabled: false + teleport: + join_params: + method: token + token_name: /etc/teleport-secrets/auth-token + log: + format: + extra_fields: + - timestamp + - level + - component + - caller + output: text + output: stderr + severity: INFO + proxy_server: teleport.example.com + version: v3 + kind: ConfigMap + metadata: + name: RELEASE-NAME + namespace: NAMESPACE +matches snapshot for app-discovery-minimal.yaml: + 1: | + apiVersion: v1 + data: + teleport.yaml: |- + app_service: + enabled: true + resources: + - labels: + teleport.dev/kubernetes-cluster: test-kube-cluster + teleport.dev/origin: discovery-kubernetes + auth_service: + enabled: false + db_service: + enabled: false + discovery_service: + discovery_group: test-kube-cluster + enabled: true + kubernetes: + - labels: + '*': '*' + namespaces: + - '*' + types: + - app + kubernetes_service: + enabled: true + kube_cluster_name: test-kube-cluster + proxy_service: + enabled: false + ssh_service: + enabled: false + teleport: + join_params: + method: token + token_name: /etc/teleport-secrets/auth-token + log: + format: + extra_fields: + - timestamp + - level + - component + - caller + output: text + output: stderr + severity: INFO + proxy_server: 
proxy.example.com:3080 + version: v3 + kind: ConfigMap + metadata: + name: RELEASE-NAME + namespace: NAMESPACE matches snapshot for aws-databases.yaml: 1: | apiVersion: v1 @@ -1185,55 +1295,3 @@ matches snapshot for volumes.yaml: metadata: name: RELEASE-NAME namespace: NAMESPACE -matches snapshot when app discovery is enabled: - 1: | - apiVersion: v1 - data: - teleport.yaml: |- - app_service: - enabled: true - resources: - - labels: - teleport.dev/kubernetes-cluster: test-kube-cluster - teleport.dev/origin: discovery-kubernetes - auth_service: - enabled: false - db_service: - enabled: false - discovery_service: - discovery_group: test-kube-cluster - enabled: true - kubernetes: - - labels: - '*': '*' - namespaces: - - '*' - types: - - app - kubernetes_service: - enabled: true - kube_cluster_name: test-kube-cluster - proxy_service: - enabled: false - ssh_service: - enabled: false - teleport: - join_params: - method: token - token_name: /etc/teleport-secrets/auth-token - log: - format: - extra_fields: - - timestamp - - level - - component - - caller - output: text - output: stderr - severity: INFO - proxy_server: proxy.example.com:3080 - version: v3 - kind: ConfigMap - metadata: - name: RELEASE-NAME - namespace: NAMESPACE diff --git a/examples/chart/teleport-kube-agent/tests/config_test.yaml b/examples/chart/teleport-kube-agent/tests/config_test.yaml index 1f12fe03e252b..f7a8eb1e0c32a 100644 --- a/examples/chart/teleport-kube-agent/tests/config_test.yaml +++ b/examples/chart/teleport-kube-agent/tests/config_test.yaml 
@@ -290,9 +290,19 @@ tests: of: ConfigMap - matchSnapshot: {} - - it: matches snapshot when app discovery is enabled + - it: matches snapshot for app-discovery-minimal.yaml values: - - ../.lint/app-discovery.yaml + - ../.lint/app-discovery-minimal.yaml + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - matchSnapshot: {} + + - it: matches snapshot for app-discovery-full.yaml + values: + - ../.lint/app-discovery-full.yaml asserts: - hasDocuments: count: 1